On 04/28/2017 06:36 PM, Gordon Messmer wrote:
On 04/28/2017 12:06 AM, Robert Moskowitz wrote:
Here are the messages I got:
type=AVC msg=audit(1493361695.041:49205): avc: denied { rlimitinh }
for pid=3047 comm="cleanup"
scontext=system_u:system_r:postfix_master_t:s0
tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=process
permissive=1
My advice would be to slow down, and solve one problem at a time.
I failed to look at the content of these messages and see that there was
also a problem with postfix accessing mysql. I was not getting any
errors about this in maillog.
We were talking about testing dovecot, and now you're testing postfix.
I would have to think a bit about how to test dovecot accessing mysql
without it processing an email handed off to it by postfix.
I know you need them both to work, but these are separate services,
with their own individual policies. If you're going to submit a bug
report, you need to be able to specifically describe the problem and
the solution. You're not going to do that by mixing different
services together.
Nope. But I see now there is a broader problem.
sendmail -i testit3@xxxxxxxxxxxxxxxxxxxx <
/usr/share/doc/amavisd-new-2.10.1/test-messages/README
It failed accessing mysql with the following maillog messages:
Yes, but the policy you added earlier only granted MySQL access to
dovecot. For postfix, you'll want to check for booleans first and
then create a policy (without debugging AVCs) if no boolean exists,
and then look at debugging AVCs if there are still issues (which is
*almost* never the case).
So now I do some googling about postfix/mysql and SELinux. Probably a
better discussed combination.
When I get home Monday, I am going to rebuild the server.
That would be good. Keep a log of *all* of the changes you make to
the system, from the very beginning. Once you resolve the problem,
rebuild the server again and follow your log.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
